1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191
|
.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
.\" fake.8
.\" Horms horms@verge.net.au
.\"
.\" Fake
.\" Script to spoof an ip
.\" Designed to create redundant servers
.\" Copyright (C) 1998 Horms <horms@verge.net.au>
.\"
.\" This program is free software; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License as
.\" published by the Free Software Foundation; either version 2 of the
.\" License, or (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
.\" 02111-1307 USA
.\"
.\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
.TH FAKE 8 "9 June 2004"
.SH NAME
fake \- IP address takeover tool
.SH SYNOPSIS
\fBfake\fP [\fBremove\fP] \fIIP_ADDRESS\fP
.SH DESCRIPTION
The \fBfake\fP utility enables the switching in of a backup server
by bringing up an additional interface and using ARP spoofing to
take over \fIIP_ADDRESS\fP.
.PP
Variants of the script have been used extensively at Zip World
(http://www.zipworld.com.au/) for backing up
mail, web and proxy servers.
Although this system has been shown to work you are well advised to
test the system thoroughly before putting it into production.
.PP
Please read the documents in \fI/usr/share/doc/fake/\fP
for an explanation of how \fBfake\fP works
and for a discussion of issues surrounding its use.
.SH OPTIONS
.TP
.B remove
Stop the takeover of an IP address.
Without this option, fake starts the takeover of an IP address.
.SH "GLOBAL CONFIGURATION FILE"
The global configuration file is in \fI/etc/fake/.fakerc\fP.
The settings there are overridden by those in \fI${HOME}/.fakerc\fP.
Here is a sample configuration file.
.nf
############################################################
# Set up basic environment for fake
# Variables are set as bash variables
# i.e. <VARIABLE>=<value>
#
# Must set:
# ARP_DELAY: Delay in seconds between gratuitous ARP
# PID_DIR: Directory where PID files are kept
# INSTANCE_CONFIG_DIR: Directory where specific
# configuration files for an IP address takeover are kept
# CLEAR_ROUTERS_FILE: New line delimited list of routers to rsh
# to and execute "clear arp-cache"
# FAKE_RSH: Programme to use to "rsh" to another machine
# to obtain macaddress by running ifconfig
#
# PATH can be set here to ensure that send_arp is in the
# path
############################################################
FAKE_HOME="/etc/fake"
#PATH=/sbin:/usr/sbin:/bin:/usr/bin
ARP_DELAY=1
CLEAR_ROUTERS_FILE="$FAKE_HOME/clear_routers"
PID_DIR="/var/run"
INSTANCE_CONFIG_DIR="$FAKE_HOME/instance_config"
#Only needed if you wish to send gratuitous ARP
#advertising the "real" mac address when turning fake off
#FAKE_RSH=ssh
.fi
.SH "INSTANCE CONFIGURATION"
To configure an instance of \fBfake\fP,
create \fI/etc/fake/instance_config/<IP-address-to-take-over>.cfg\fP
with the following format:
.nf
SPOOF_IP=<IP-address-to-take-over>
.fi
The SPOOF_IP variable must contain the same IP address as appears
in the name of the file.
This is checked at run time.
.nf
IFCONFIG=TRUE|FALSE
SPOOF_NETMASK=<netmask-of-network-that-IP-address-to-take-over-is-on>
TARGET_INTERFACE=<interface-to-bring-up>
.fi
If the IFCONFIG variable is set to \fBTRUE\fP, the address specified by SPOOF_IP
will be brought up on the interface specified by TARGET_INTERFACE;
SPOOF_NETMASK and TARGET_INTERFACE must also be defined.
.PP
For obvious reasons it is very important that the TARGET_INTERFACEs
of running instances of \fBfake\fP all be different from one another.
.PP
Optionally if you wish to \fBrsh\fP to the main server and
advertise the "real" MAC address when turning \fBfake\fP off then
set the following;
.nf
FOREIGN_INTERFACE=<interface-on-foreign-host-with-MAC-address-to-use>
FOREIGN_ARP=<number-of-ARPs-to-send-with-real-MAC-address>
.fi
To use this last feature in an automated fashion you will
need to be able to $FAKE_RSH to $SPOOF_IP from the host that
\fBfake\fP runs on without manual authentication.
With \fBrsh\fP this is typically achived using \fI.rhosts\fP;
with \fBssh\fP an RSH key with an empty passphrase can be employed.
.PP
Here is an example of \fI/etc/fake/instance_config/203.12.97.7.cfg\fP:
.nf
SPOOF_IP=203.12.97.7
IFCONFIG=TRUE
SPOOF_NETMASK=255.255.255.0
TARGET_INTERFACE=eth0:2
FOREIGN_INTERFACE=eth0
FOREIGN_ARP=5
.fi
.SH ACTIVATION
To activate \fBfake\fP, run:
.nf
fake <IP-address-to-take-over> &
.fi
Logs will be made to the local0.notice syslog facility.
.PP
On startup you should see messages in the syslog;
running \fBifconfig\fP should show the new interface;
running \fBroute\fP should show a route for the spoofed IP address
on the new interface (which is needed so the machine that \fBfake\fP
is running on can communicate correctly to this IP address);
and
running \fBtcpdump -i <interface> arp\fP should show the
gratuitous ARP packets.
.SH DEACTIVATION
To deactivate, run:
.nf
fake remove <IP-address-to-take-over>
.fi
.PP
As of version 1.1.2 the \fBfake\fP process can be sent a SIGTERM or
SIGHUP to effect the removal.
.PP
On removal you should see a message in the syslog;
\fBifconfig\fP should show that the new interface has been removed;
\fBroute\fP should show that the new route has been removed;
and
\fBtcpdump\fP should show that the gratuitous ARP has stopped.
.PP
.B Note:
Activating \fBfake\fP multiple times with the same
arguments has the same effect as activating it once.
Similarly, deactivating fake multiple times with the same arguments
has the same effect as deactivating it once.
.SH FILES
.TP
.I /etc/fake/.fakerc
.TP
.I /etc/fake/clear_routers
.TP
.I /etc/fake/instance_config/<IP-address>.cfg
.TP
.I /var/run/fake.<IP-address>.pid
.SH AUTHOR
Horms <horms@verge.net.au>
|